SNMPv3 configuration example
Network requirements
As shown in Figure 28, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface status of the agent (1.1.1.1/24), and the agent automatically sends traps to report events to the NMS.
The NMS and the agent perform authentication when they set up an SNMP session. The authentication algorithm is SHA-1 and the authentication key is 123456TESTauth&!. The NMS and the agent also encrypt the SNMP packets between them by using the AES algorithm and the privacy key 123456TESTencr&!.
Configuration procedure
Configure the agent:
# Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.)
# Assign the NMS read and write access to the objects under the ifTable node (OID 1.3.6.1.2.1.2.2), and deny its access to any other MIB object.
<Agent> system-view
[Agent] undo snmp-agent mib-view ViewDefault
[Agent] snmp-agent mib-view included test ifTable
[Agent] snmp-agent group v3 managev3group read-view test write-view test
# Set the username to managev3user, authentication algorithm to sha, authentication key to 123456TESTauth&!, encryption algorithm to aes128, and privacy key to 123456TESTencr&!.
[Agent] snmp-agent usm-user v3 managev3user managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
# Configure contact person and physical location information for the agent.
[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Agent] snmp-agent sys-info location telephone-closet,3rd-floor
# Enable traps, specify the NMS at 1.1.1.2 as a trap destination, and set the username to managev3user for the traps.
[Agent] snmp-agent trap enable
[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname managev3user v3 privacy
Configure the SNMP NMS:
- Specify SNMPv3.
- Create the SNMPv3 user managev3user.
- Enable both authentication and privacy functions.
- Use SHA-1 for authentication and AES for encryption.
- Set the authentication key to 123456TESTauth&! and the privacy key to 123456TESTencr&!.
- Set the timeout time and maximum number of retries.
For information about configuring the NMS, see the NMS manual.
NOTE: The SNMP settings on the agent and the NMS must match.
Verify the configuration:
# Try to get the count of sent traps from the agent. The get attempt succeeds.
Send request to 1.1.1.1/161 ...
Protocol version: SNMPv3
Operation: Get
Request binding:
1: 1.3.6.1.2.1.11.29.0
Response binding:
1: Oid=snmpOutTraps.0 Syntax=CNTR32 Value=18
Get finished
# Try to get the device name from the agent. The get attempt fails because the NMS has no access right to the node.
Send request to 1.1.1.1/161 ...
Protocol version: SNMPv3
Operation: Get
Request binding:
1: 1.3.6.1.2.1.1.5.0
Response binding:
1: Oid=sysName.0 Syntax=noSuchObject Value=NULL
Get finished
# Execute the shutdown or undo shutdown command on an idle interface on the agent. You can see the interface state change traps on the NMS:
1.1.1.1/3374 V3 Trap = linkdown
SNMP Version = V3
Community = managev3user
Command = Trap
1.1.1.1/3374 V3 Trap = linkup
SNMP Version = V3
Community = managev3user
Command = Trap
Example code: HPE 5510 Switch
SNMP Client (Zabbix): 172.16.48.26
SNMP Server (Switch): 172.16.4.1
Switch Configuration:
snmp-agent
snmp-agent local-engineid 800063A280DC680CF0E3C400000001
snmp-agent community read Companyread
snmp-agent community write Companywrite
snmp-agent sys-info contact Eng. Jhon Smith
snmp-agent sys-info location US
snmp-agent sys-info version all
snmp-agent group v3 Company3group read-view privacy write-view internet
snmp-agent target-host trap address udp-domain 172.16.48.26 params securityname Company3user v3 privacy
snmp-agent mib-view included internet internet
snmp-agent usm-user v3 Company3user Company3group simple authentication-mode sha passwordclient1 privacy-mode aes128 passwordclient2
snmp-agent trap enable arp
snmp-agent trap enable radius
snmp-agent trap enable stp
snmp-agent trap enable syslog
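As an added example (not from the original page or from HPE documentation), the Python script below lints snmp-agent lines such as the switch configuration above for settings that weaken an SNMPv3 deployment: SNMPv1/v2c left enabled beside v3, community strings, a v3 group without the privacy keyword, views that are referenced but never defined, write access to the whole internet subtree, and keys entered with simple. The check labels are this example's own, and it assumes the Comware behaviour that ViewDefault is predefined and that a v3 group without the privacy keyword does not require authentication with privacy.

```python
# Added example: lint Comware "snmp-agent" lines for settings that weaken SNMPv3.
# Constructed input: the HPE 5510 commands from this page (contact/trap lines omitted).
PAGE_CONFIG = """\
snmp-agent community read Companyread
snmp-agent community write Companywrite
snmp-agent sys-info version all
snmp-agent group v3 Company3group read-view privacy write-view internet
snmp-agent mib-view included internet internet
snmp-agent usm-user v3 Company3user Company3group simple authentication-mode sha passwordclient1 privacy-mode aes128 passwordclient2
"""

def audit(config):
    """Return sorted (check, detail) findings; keys and communities are never echoed."""
    found, views, broad, used = set(), {"ViewDefault"}, set(), []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "snmp-agent":
            continue
        kind, args = tok[1], tok[2:]
        if kind == "community":                       # v1/v2c cleartext community
            found.add(("V1V2C_COMMUNITY", args[0]))
        elif kind == "sys-info" and args[0] == "version":
            if {"all", "v1", "v2c"} & set(args[1:]):  # legacy versions run beside v3
                found.add(("LEGACY_VERSION_ENABLED", " ".join(args[1:])))
        elif kind == "mib-view":                      # mib-view included|excluded NAME SUBTREE
            views.add(args[1])
            if args[0] == "included" and len(args) > 2 and args[2] in ("iso", "internet"):
                broad.add(args[1])
        elif kind == "group" and args[0] == "v3":
            name = args[1]
            if "privacy" not in args[2:3]:            # keyword must follow the group name
                found.add(("GROUP_NOT_AUTHPRIV", name))
            for key in ("read-view", "write-view", "notify-view"):
                if key in args[:-1]:
                    used.append((name, key, args[args.index(key) + 1]))
        elif kind == "usm-user" and args[0] == "v3":
            if "simple" in args:                      # key typed or pasted as plaintext
                found.add(("PLAINTEXT_KEY", args[1]))
            if "privacy-mode" not in args:            # user has no encryption key
                found.add(("USER_NO_PRIVACY", args[1]))
    for name, key, view in used:                      # resolve views after all lines are read
        if view not in views:
            found.add(("UNDEFINED_VIEW", f"{name} {key} {view}"))
        elif key == "write-view" and view in broad:
            found.add(("BROAD_WRITE_VIEW", f"{name} {view}"))
    return sorted(found)

if __name__ == "__main__":
    for check, detail in audit(PAGE_CONFIG):
        print(f"{check:24} {detail}")
```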
Zabbix Configuration host:
Reboot Zabbix server:
Operational Host: